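<?php
/**
 * Login entry point.
 *
 * A request without POST data renders the login form. A non-empty POST looks
 * the submitted credentials up in the reader, publisher, provider and admin
 * tables, in that order; the first table that yields exactly one matching row
 * decides the role stored in the session and the page the user is sent to.
 * When no table matches, the session is marked unauthenticated and the user
 * is sent back to index.php after five seconds.
 *
 * The full "<?php" open tag is used so the file is still parsed as PHP when
 * short_open_tag is disabled; otherwise the source would be served as text.
 */
session_start();
require("includes/connect.inc.php");

if (!empty($_POST)) {

	// Table name => array(session role, landing page). The lookup order is
	// the original one: reader, publisher, provider, admin. Table names come
	// only from this fixed list, never from the request.
	$roles = array(
		'reader'    => array('READER', 'reader.php'),
		'publisher' => array('PUBLISHER', 'publisher.php'),
		'provider'  => array('PROVIDER', 'provider.php'),
		'admin'     => array('ADMIN', 'admin.php'),
	);

	// Accept only scalar strings: a missing field or an array-valued field
	// (username[]=...) is treated as an empty credential instead of raising
	// notices or type errors further down.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// The username is placed inside a single-quoted SQL literal below. The DB
	// wrapper loaded from includes/connect.inc.php is not visible here, so no
	// escaping or bound-parameter API can be assumed. As a stopgap, refuse any
	// username containing a single quote, a backslash or a control byte, which
	// are the bytes that can end or escape that literal.
	// TODO: replace with bound parameters once the DB layer provides them.
	$usernameIsSafe = !preg_match('/[\x00-\x1f\x27\x5c\x7f]/', $username);

	// sha1() returns 40 hexadecimal characters, so this value cannot alter
	// the query text.
	// NOTE(review): unsalted SHA-1 is not a suitable password hash. Moving to
	// password_hash()/password_verify() needs a migration of the stored
	// hashes and is therefore not done in this file.
	$passwordHash = sha1($password);

	if ($usernameIsSafe) {
		foreach ($roles as $table => $role) {
			$sql = "SELECT * FROM $table WHERE username='" . $username . "' AND password='" . $passwordHash . "'";
			$query = $db->sql_query($sql);
			if ($db->sql_numrows($query) == 1) {
				// Issue a fresh session id at the privilege change so an id
				// known before login does not become an authenticated one.
				session_regenerate_id(true);
				$_SESSION['auth'] = true;
				$_SESSION['rule'] = $role[0];
				// NOTE(review): SELECT * stores the whole row in the session,
				// presumably including the password column - consider
				// selecting only the columns the application needs.
				$_SESSION['userdata'] = $db->sql_fetchrow($query);
				// Relative redirect: the target no longer depends on the
				// client-supplied Host header or on a hard-coded http://
				// scheme, so an HTTPS login is not bounced to plain HTTP.
				header("Location: " . $role[1]);
				exit;
			}
		}
	}

	$db->sql_close();

	// Same generic answer for every failure, including a rejected username.
	$_SESSION['auth'] = false;
	$_SESSION['rule'] = "";
	$_SESSION['userdata'] = "";
	echo "Wrong Password.<br />You will be redirect to login page in 5 second.\n";
	echo "<meta http-equiv=\"Refresh\" content=\"5;url=index.php\">";

} else {
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<link href="itelement.css" rel="stylesheet" type="text/css" />
<script src="jscripts/itelement.js" type=text/javascript></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>
<body>
<div class="itelement" id="header">IT Element </div>
<div class="main" style="text-align:center; vertical-align:middle">
<table width="100%" height="100%">
<tr>
  <td>&nbsp;</td><td>&nbsp;</td>
<td>&nbsp;</td></tr>
<tr>
  <td>&nbsp;</td><td>
<div style="width:300;height:150;background-color:#d0e3f1;padding:20px">
<b>login</b><br>
<form action="index.php" method="post">
username<br>
<input name="username" type="text" size="25">
<br>
password<br>
<input name="password" type="password" size="25"><br>
<input type="submit" value="login">
</form>
</div>
</td><td>&nbsp;</td></tr>
<tr>
  <td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>

</td></tr></table>
</div>
</body>
</html>
<?php
}
?>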